Security
Stay informed with the latest developments in cybersecurity through our Security category. Discover in-depth news, analysis, and updates on emerging cyber threats, malware incidents, and major data breaches. Whether you’re a cybersecurity professional or just keen on protecting your digital footprint, find insights and trends that are shaping the future of online security here.
Vulnerabilities exploited faster than ever, says Cloudflare
By the time you read this article, a zero-day CVE is likely getting exploited. According to researchers with Cloudflare, a newly disclosed vulnerability comes under attack at an average of 22 minutes. The internet backbone provider said attackers are more active than ever and are able to jump onto security vulnerabilities with malware exploits at […]
Email addresses of 15 million Trello users leaked on hacking forum
A threat actor has released over 15 million email addresses associated with Trello accounts that were collected using an unsecured API in January. Trello is an online project management tool owned by Atlassian. Businesses commonly use it to organize data and tasks into boards, cards, and lists. In January, GeekFeed reported that a threat actor known as ’emo’ […]
Kaspersky is shutting down its business in the United States
Russian cybersecurity company and antivirus software provider Kaspersky Lab will start shutting down operations in the United States on July 20. Company also confirmed that it will lay off its U.S.-based employees. Independent cybersecurity journalist Kim Zetter first reported that this will affect “less than 50 employees in the U.S.” This comes after the U.S. Treasury Department’s […]
Attackers Exploit URL Protections to Disguise Phishing Links
Cybercriminals are abusing legitimate URL protection services to disguise malicious phishing links, Barracuda researchers have revealed. The firm observed phishing campaigns using three different URL protection services to mask phishing URLs and send victims to websites designed to harvest their credentials. The researchers believe these campaigns have targeted hundreds of companies to date, if not […]
Hackers use PoC exploits in attacks 22 minutes after release
Threat actors are quick to weaponize available proof-of-concept (PoC) exploits in actual attacks, sometimes as quickly as 22 minutes after exploits are made publicly available. That is according to Cloudflare’s Application Security report for 2024, which covers activity between May 2023 and March 2024 and highlights emerging threat trends. Cloudflare, which currently processes an average […]
Netgear warns users to patch auth bypass, XSS router flaws
Netgear warned customers to update their devices to the latest available firmware, which patches stored cross-site scripting (XSS) and authentication bypass vulnerabilities in several WiFi 6 router models. The stored XSS security flaw (fixed in firmware version 1.0.0.72 and tracked as PSV-2023-0122) impacts the XR1000 Nighthawk gaming router. While the company didn’t disclose any details regarding […]
New phishing tactic hijacks email protections to mask links
Email security company Barracuda exposed a recent phishing campaign that uses legitimate URL protection services to mask malicious email links. The new phishing tactic was revealed in a Barracuda blog post Monday, and has been leveraged in attacks beginning around mid-May 2024. The attacks take advantage of the legitimacy of URL protection services used by […]
Indiana County Files Disaster Declaration Following Ransomware Attack
A County in Indiana, US, has filed a disaster declaration following a ransomware attack on local government networks, which has prevented the administration of critical services. Clay County made the declaration after confirming the incident has resulted in an inability to operate Clay County Courthouse and Clay County Probation/Community Corrections facilities. The July 11 declaration […]
DoNex ransomware decoded: How to use Avast decryptor
Avast released a decryptor for DoNex ransomware, offering a free recovery solution for victims of DoNex and its predecessors. DoNex, Muse, DarkRace and fake LockBit 3.0 are all names for a ransomware family that has been active since April 2022, mostly targeting businesses in the United States, Italy and Belgium, according to Avast’s telemetry data. […]
Microsoft Fixes Four Zero-Days in July Patch
Sysadmins have a busy time ahead this month after Microsoft issued updates for over 140 CVEs, including four zero-day vulnerabilities. The zero-days are as follows: RCE Vulnerabilities Microsoft patched five critical RCE vulnerabilities in this July’s Patch Tuesday. First, a SharePoint vulnerability CVE-2024-38023 has been identified. “[It] could allow an authenticated attacker with site owner […]